Slashdot Mirror
FBI Director: Without Compromise on Encryption, Legislation May Be the 'Remedy' (cyberscoop.com)
An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.
More like the government institutions are less safe from the people.
This guy sounds like one of those out of touch eurotrash politicians. STFU and be better at your job asshat.
Either private companies give up our privacy by allowing the government access to our communications...... or laws will be passed FORCING them to give up our privacy.
And we wonder why the United States Government won't pass a law protecting our personal data.
Many backdoors to pound on until hacked.
FBI and CIA fools should be fired for such stupid requests.
When encryption is outlawed, only outlaws will
-----BEGIN GPG MESSAGE-----
Charset: utf-8
qANQR1DDDQQJAwKQIuGxR9ku8L/SQgH6kXzdtVHv9IwDWcZVsGX5G2UZje9L8VoC
Y6faoCNMAg+Zq8S92arz+DV/yEsZo3jBoCFZBsOPqXOO8ATiMmoSQA==
=7Ce4
-----END GPG MESSAGE-----
If the private sector does not recognize 3.2 as the true value of Pi, then legislation may be the only remedy.
The issue is settled: encryption is here. By talking about it, this guy is trying to unsettle it. But he doesn't have the lobbyist power that Tim Cook has, and no one likes him anyway.
Math doesn't have it. If there's a shared key to all our communications, it will sooner or later leak and it will render all encrypted data wide open. Also, I presume that for some reasons Christopher Wray doesn't keep a copy of the keys to his house at some government agency, no?
Governments and often unrelated companies are less privy to our private lives as a result of it. FTFY.
before smartphones came along? Why do they not get that the people don't want them to be able to utilize new technology to make solving crimes any easier than before?
Everyone is guilty of something. The only way the system works is if the balance between cost of prosecution and magnitude of the crime worth prosecuting remains stable (or given that we already incarcerate far more than most, shifts a bit in favor of crime). If prosecution becomes cheaper and easier, we can quickly become a police state without changing any laws.
Obviously, truly dangerous criminals will use strong encryption. He's living in a fantasy world where no one adapts or changes their behavior.
And, my oh my, what ever did they do before electronic communication was widespread?
When encryption has backdoors, then NO ONE will have encryption at all
You CANNOT have 'backdoors' in an encyption algorithm and still have effective encryption, goddamnit!
Clearly the FBI and Congress doesn't give a rat's ass whether or not anyone has secure systems or not, so long as they can stick their little brown noses into everyones business. Who cares if every computer in the country is easily hacked by even script kiddies, everyones identity is stolen, and everyones bank accounts drained and credit cards charged up? The Feds will have 'unbreakable' encryption, as will all elected officials and of course The Rich, they'll all be exempt from it, while the rest of us are wide open to whoever wants to victimize us.
Them, them, FUCK THEM.
Let us not forget the Democrats want this more than Republicans. Use open source software and encrypt the hell out everything.
and that will make everyone unsafe for certain.
They can track who you contacted, when you sent something, any time a dollar changes hand, any item you send in physical mail, but for some reason ease dropping on conversations in iMessage, Line or Whatsapp is the biggest obstacle they have? If anything they should be able to do the same police work they always have but even better now that they are collecting a ton of meta data and other various digital information about a subject.
Sorry you after birth of a Bulgarian butt fuck no room what so ever it is now what it is.
Fuck you.
Maybe the solution is not to add new legislation but to relax other that already exist.
"People are less safe as a result of it." People are less safe by leaving their room every day. Some things are just expected to be "less safe" but we do them because we want to be more than prisoners.
They keep talking about "compromise" as if Tim Cook and Larry Page have everyone's encryption keys in a file on their laptops that they refuse to hand over for convicted mobsters. That sort of mindset just does not reflect the nature of the situation.
Here is what it ultimately boils down to:
1. The user - and only the user - has the encryption key.
2. Companies are compelled to sell devices that cannot be secured at all, because a 'master key' lives somewhere.
That's it. Those are the two options. There is no way for the phone to verify if there is a warrant, or if the person inputting the master key is truly a law enforcement agent or not, or any other way to ensure the individual using the master key is justified in doing so, or any means of discriminating between a hack and a court order.
If Wray would like to come up with a third option that doesn't ultimately fall into the category of one of the other two, he's welcome to try. Smarter people have failed.
Seriously. I'll bet this shit comes back to some from China / India / G20 country..
To think people faught and died for freedom only to have it slowly torn away by assholes like this guy. Disgusting.
It is not the job of the security services to prevent crime/terrorism/kiddie porn/copyright infringement/whatever. It is their job to investigate after the fact in order to convict those responsible. That's how our justice system works. The only justification for the ability to decrypt all encryption is for (attempted - in reality it will never work) prevention.
After a crime has been committed, in order to obtain evidence, the authorities can always obtain a warrant to compel a device owner to decrypt/unlock a device. If the owner refuses, that's what contempt of court is for. If the device owner is dead, who gives a fuck what's on the phone? If the owner (presumed criminal) is willing to sit in jail indefinitely for refusing to unlock/decrypt, that is an acceptable outcome.
Please, I don't give a rat's ass about what evidence you can or can't gather from devices. It isn't pertinent to the discussion. People should be able to have private conversations that you don't get access to under ANY circumstances for whatever damn reason they please. Go F yourself. You anti-american, anti-democratic, nazi, communist, dick-weed. YOU are the enemy of the people. The "criminals" and "terrorists" are the least of our problems. You are and your ilk are to be feared and removed from office. You are the danger. You are not the solution. You are the problem.
For over two hundred years we didn't have cellphone encryption so there is no reason to start now! If we had a right to encrypted communications the founding fathers would have put it into the Bill of Rights. Just think of all the crimes that would never have been solved if people could have used encrypted cell phones. History has proven one thing the only way to solve crimes is by getting access to personal cell phone data.
Don't listen to them. You need understand how to generate good entropy, that's about it.
Forget about all the stupid academic attacks you hear about. Cache timing attacks, differential power analysis. Give me a fuckin break. Nobody is going to crack your homebrew algo with power analysis. These are ridiculous lab setups where the machine is all scoped out and they are hammering a well-known algorithm and looking for differences in the behaviour which leak key or psrng states.
The weakness is exactly because it's a 'well-known' algoritm.
Roll your own crypto and make the confusion/diffusion steps as expensive as you can. Make sure it has no math shortcuts. This kills the fed supercomputer. It has no frame of reference. Decrypting a blob of perfectly smooth data from an unknown algorithm with no key is like figuring out exactly how the universe works just by guessing.
Anytime any political type of any stripe says they just want compromise, what they mean is they want capitulation.
You know what would be an even better tool to help those efforts? Having a sane, rational foreign policy that doesn't result in the creation of terrorists in the first place.
that is some weapons grade trolling -- kudos.
People have forgotten the lessons of 9/11, the gut wrenching feelings when we collectively watched those towers fall. Hopefully law enforcement can prevent us from revisiting those days. Key escrow would be a good tool to help those efforts.
What lessons are you talking about?
The terrorists didn't use any encryption in their communications:
https://brian.carnell.com/articles/2001/would-encryption-controls-have-prevented-the-911-attack/
will just push the rest of the world to products and services from OTHER COUNTRIES...
while open source and 'bootleg' imported hardware will take over THIS one.
is that what you want? is that what your party's puppet masters (i.e. the big companies and campaign 'donors') want?
didn't think so.
back doors built into products will get owned by hostile entities. you can't control it. don't even fucking try.
I want to watch the fallout. I want to see the shit-show descend on their heads while they wail about how the sky is falling and everybody else is to blame.
Doing everything they can to break privacy, and ensure they can eavesdrop.
and he'll get his legislation.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Our government already knew everything there was to know about the 9/11 attack and chose not to act. You're a liar who knows they are lying as they are lying. Everyone here sees that. You are transparent.
Two Issues to consider - If an application was built with a backdoor the hackers of the world would invest their considerable talents and efforts into finding that back door and they will find it once found it will be abused. Once the back door has been uncovered the company who built the application would be required to fix it. Now who is going to pay for the fixing? Not the company because they know the same things that one is reading now. YOU will pay for the new application. YOU will pay to inform ALL the people who are using this now worthless application that it is broken and needs to be updated. YOU will pay to download and ensure that the new version is in use. This will happen over and over until YOU give up your foolish mandate. The state of Mississippi once considered mandating PI as 3. Same issue, politics needs to understand mandating foolish ideas makes one look like the fool they are! --- Since the world has MANY countries in it, any mandate for USofA would not apply to the other countries. Any person wanting or needing a non-FU encryption application would find one from some other source and use it. How are YOU going to mandate what application one uses to encrypt? You can't! Poof! There goes universal back door access!
Easier just to outlaw Islam tbh.
Remember when all of those people screamed we should give up our firearms. They're screaming we need to give up our privacy and all other rights as well. Republicans and Democrats are a danger to all of us. Hopefully Trump will destroy the deep state before they destroy him.
Spies and soldiers (especially on the spy side) need as good or better security than I need to talk to my bank. The CIA, military and (Canadian) CSE know it's a trade-off. The FBI and RCMP pitch it as a trivial question with an obvious answer.
For every hard problem there is always one clear, obvious and simple answer.. and it's wrong .
davecb@spamcop.net
One other thought, if they're so worried about the Russians hacking our elections, why the hell would they want to cripple encryption? This all doesn't sound right. Alarm bells should be going off for everyone.
Give people free gigabit Internet in exchange for spyware apps voluntarily run.
People will sell out to that.
"I don't want to characterize private conversations we're having with people in the industry."
But he does want to characterize everybody else's private conversations.
What's the point of everyone carrying around telescreens with them 24/7 if the thought police can't check up on what people are doing? It's a beautiful thing, the destruction of privacy and democracy. Mandated backdoors are doubleplusgood.
These government guys are like a shitty 8-track.
I'm presently studying digital forensics specializing in mobile forensics. We ARE -with a warrant- able to retrieve almost all of your location data in a timeline. We can -with a warrant- get your location when you made or received a call even if you let it go to voicemail. We can -with a warrant- get your complete call history, SMS and get your voicemails including quite a lot of deleted voicemail messages. We can -with a warrant or if a device was legitimately taken as evidence- extract tonnes of data wiped off of phones (except for blackberrys for some reason. when a blackberry does a datawipe it is not f$cking around).
80% of mobile phones seized are android phones. 90% of android phones have encryption disabled by default meaning physical extraction is reasonably simple. But that requires someone to do the job. Ignoring the 5% of IPhones collected as evidence, the big push is to use the seized mobile device as a gateway portal into all of your private online services like banking, email, IM(whatsapp,skype,etc), cloud storage(OneDrive, Google Drive,ICloud) and Social Media(Twitter, Facebook, Snapchat). By using the legally seized phone as a gateway to these services it bypasses the need to get a legal warrant for cooperation from these services.
The real problem these government assholes don't want to actually pay their forensic techs to extract the data. Also they DONT want to have to be bothered with getting a lawful warrant for the data they collect. The goal in most investigations seems to be collect everything (wildly invade peoples privacy) and then decide what is relevant later.
Saying this potentially puts my future job prospects at risk but the best way to f$ck overreaching government searches is if people insist their online services use TFA or MFA thats NOT based on SMS or email. Encryption doesn't hugely effect forensics in the majority of crimes. Properly done TFA or MFA would solve everyones privacy issues and f$ck over unlawful government overreach.
With proper online TFA/MFA, If the government has a legit LEGAL reason they can get the data. Otherwise they can go play in traffic.
Good comments:
"... there is still open source, free and openly available encryption."
"... there are phones moving across political boundaries."
Many people in government and in management of private companies have NO knowledge of technical issues. That doesn't prevent them from having what they consider to be a strong and sensible opinion. They don't recognize they are ignorant.
ALSO: Back doors are not an answer. They will ALWAYS eventually be compromised.
I believe strong encryption protects me against both criminals and my government. We all know criminals are, well criminals! But the bureaucratic leadership of the NSA, DOJ and FBI IS corrupt. And at the moment, FBI Director Christopher Wray and his corrupt partners running the DOJ and NSA are the greatest cyber threat in America.
;)
FBI Director Christopher Wray's statement that "strong encryption on mobile phones keeps law enforcement from gaining access to key evidence" is in my case falling on deaf ears. I do not see a problem here. Things are just as they should be.
And FBI Director Christopher Wray can pound sand. And he IS the weasel I suspected he was.
Just my 2 cents
For decades the IRS was able to run sophisticated operations in Ireland.
This despite not having the internet or computers.
Google "Numbers stations", again been around for decades.
This has ZERO to do with making anyone "safe", its all about being able to control the masses.
I'll get modded to hell for this, but I kind of agree with him?
Most people I know have no qualms about the way old-school wire-taps worked.
Law enforcement got a warrant from a judge, and only if the judge thought that there's enough reason to suspect the target is on to something, only THEN could they hook into a user's phone lines or open their mail. (or at least that's how it was supposed to work).
This, IMHO, seems like a good balance between the right to privacy and law enforcement needs, and has enough judicial oversight to not be easily abused.
I have no idea how one could implement a similar scheme nowadays. Backdoors are dangerous, and the oversight mechanisms have been broken for quite a while (just say "it's for national security!"). But having some means for the 'good' guys, with sufficient oversight, to be able to use surveillance to catch the baddies doesn't seem too bad to me?
As a compromise, the public can be given read-only access to every politicians:
-tax records
-bank accounts
-credit card statements
and their extended family as well
I mean, it's taxpayer money, so taxpayers deserve to know where it goes. And if they have nothing to hide, they have nothing to fear!
Every dime paid to a public servant should be fully traceable, fully open , fully public.
repeat for count=0..32
Your honor, those files contain only random bytes; there is nothing to decrypt.
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
Just what is the point of your position Christopher Wray?
Let us say that I want to discuss what should happen to Putin's (censored)?
Should that (censored subject) be available to Putin?
Weak crypto is WEAK! Really, Chris it is WEAK - that is why it is called Weak, Bad, Backdoored.
Sit in on a 2 hr lecture on Crypto before you decide what is best, Chris.
We don't want our thoughts exposed to Russia, or anyone not on our mail list - Chris.
Like the old export restrictions on strong cryptography, is USA going to ban imports of strong cryptography?
"I'm sorry, you can enter USA with your phone, it's too secure. Dispose of it or get back on the plane home"
We get FDIC-style insurance for the trillions of dollars lost to the inevitable fraud, as FBI contractors make a little extra on the side from selling Master Keys (see "TSA").
I read in my history books that the traitor George Washington used cryptography to hide messages from the legitimate government of His Majesty the King.
If this whole "right to private communication" thing didn't exist, that traitor George Washington would not have been able to subvert the rightful government of His Majesty the King.
All papers should have been available for inspection. It would have prevented the most sinister of documents, the declaration of war known as the "Declaration of Independance", enabling the traitors to rebel against a legitimate ruling party.
If you could keep the "real assholes" who are held so highly in public from manipulating the data, then encryption wouldn't matter. Nothing will work if we don't encrypt and anyone can just "tap" into the fiber line (GPON makes that even easier).
You say you are going to quasi-encrypt it and only let the good guys know, yea right. Burn all the books!
Yes, I can re-calculate a checksum, I can't keep up with decrypting a random key though because it takes more energy to guess than to encrypt.
The sad thing is, this exact manipulation of data destroyed 10 years of hard work building a business for me because we'd prefer corruption as a form of education in this country it seems.
I still don't know why you can't make a phone that has real encryption, and just have an option to "share everything with the current good guys". Your problem there, when you encrypt with the "good guys" is that one bad apple just passes out your information, he probably just thought he was doing good out of his own ignorance but is too arrogant to realize he needs education and actually do something about it. Oh well he needed a job and you thought monitoring of private individuals information was the best fit for the level of stupid that he was. Then you didn't realize the repercussions of using this method to educate the idiot and the impact it would have on good people. Plus you spent 20 times as much money vs conventional education, all because the moron couldn't sit still and read a book and actually do the work.
No amount of DRM and no number of cameras is going to fix that. Gold.
What if I just like to email strings of random characters? How do you prove that something is encrypted?
That's like saying that because we had that big flood costing hundred of lives, it's necessary that everyone wears seatbelts!
No. And you should be hung for treason for pushing for it. As should anyone in office pushing for it. You are conspiring against the people of the United States and should just be convicted of treason, and hung for it. Publicly. Put me on the jury, I'd vote to convict you. I'm sure there are a lot of us who'd vote to convict you. Just leave us alone.
This sig intentionally left blank.
Back before the days of cell phones, judges could give prosecutors the ability to (1) break into someone's house, (2) install a device like these and then collect data.
You could also take someone's smart phone, root it, and install a surveillance software (with the same due process above). Even with encryption, if I have access to your phone (and it's unlocked -- figuring out a 6 key pass-code by spying isn't exactly James Bond's hardest mission) I would have access to your private key to decrypt said messages.
What law enforcement wants here are not the old rights they've always had -- but new ones. As the late Antonin Scalia wrote for the unanimous court regarding the unconstitutionality of planting a GPS device without a warrant:
“What we apply is an 18th century guarantee against unreasonable searches, which we believe must provide at a minimum the degree of protection it afforded when it was adopted,”
-- Political fascism requires a Fuhrer.
There's a variant of your #2:
2a. Companies are compelled to sell devices with reduced security because a master key lives somewhere.
The spooks are convinced that the master key can be kept secure. Maybe because they have it and give out keys generated from that to companies that provide crypto.
Sure, one day some hackers may gain that key and crack the world, but in the mean time, the FBI would be able to trivially crack all comms and they would be fine with that.
That's more or less what they are pushing for. I expect them to get it, more or less. I.e. every official app will be FBI approved and monitored, just like China. All unofficial crypto banned, just like China.
And, yes, only the outlaws will then have proper crypto. All honest civilians would be totally exposed to corrupt officials. Happy days.
You want all our data? Fine, give us all YOUR data as well. 6 month lag at most to prevent issues of current investigations. Everything must be public, even access times, who and how much.
That's true compromise.
cannot stop attacks that are reported prior, much less use data to do it. time to take up arms?
And then what do you propose when this "solution" later becomes not enough for them and they want more, and they alter the agreement, Mr. Chamberlain? And they WILL eventually want more. If you think not, you are the stupidest motherfucker to walk this earth.
...shit
Someone should quietly point out to Trump that all those secret messages to Putin wouldn't be so secret if the FBI had their way regarding encryption. Things would quickly be resolved in favour of encryption then. ;)
"If it doesn't go the way I want, I will pass a law to kill those who defy my edicts."
The refrain of the politician.
What exactly does Wray think is going to happen here? Will he outlaw math?
You're delusional if you think this is a Trump issue. Last I checked, Snowden happened under Obama.
The manufacturers have signing keys. They choose to show contempt of the courts in the US in a PR stint but kowtow to the Chinese.
All the FBI heads have said this, regardless of who appointed them.
I still like the Safe Metaphor - the safe manufactures don't give backdoor codes to law enforcement. Instead, you have people in law enforcement learning how to crack the safe. What needs to happen is either law enforcement learns password cracking tools and the like, or more likely to have a separate branch, that specializes in password and phone cracking, which each law enforcement, from local to FBI, can send the items to with the corresponding warrant.
oh wait, I guess it still counts if you're the one capitulating...
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
You can't put the genie back in the bottle. Encryption is available to all in software. Legislation can't change that.
Any claims by the government that they can keep their hacking tools / backdoors secure were disproved by the Snowden data theft. Whatever the excuse, someone was able to steal extremely sensitive data from the NSA. Is there any real reason to think that other intelligence or law enforcement agencies would do a better job? So any tools the government has are likely to end up in the hands of other (possibly enemy) governments, and in the hands of organized crime.
The government has lost its credibility on this for a very long time.
So no, I do not believe the world will be a better place when no American's information is secure.
In addition, even if the government could be trusted to secure the information, I do not want to give them the power that that information represents. Governments can go bad, and open access to everyone secrets in the country is not a weapon that I trust in anyone's hands. I accept that the result of this is a higher rate of ordinary crime and terrorism. As things sit in the US now, that is a bargain that I am happy to accept.
When he says "legislation" he means "martial law". Trump, are you listening?
You'd have to live in a real shithole cuntry to have politicians who serve only themselves. BIGLY what is your government transparency rating, or do you not even know?
It isn't a given anymore as people even at home use a smartphone, something they always have on them and is nigh impossible to bug remotely, if it is a burner. So encryption *is* indeed an incredible privacy advance to what we had before, but it also enable perfectly private communication among criminal elements. And THAT did not exists before.
Strong encryption already exists and the best you can hope to do via legislation is create a black market for it. Considering what an abject failure the war on drugs has been it is safe to say that the war on encryption will encounter similar pitfalls.
This is untrue. Scholars in the middle ages were mistaken about many aspects of cosmology, to be sure, but the whole flat Earth business is a myth in more ways than one. First, it's important to understand that there were no official dogmas on these matters. But setting that fact aside (which requires a discussion of how dogma, canons, and councils work), there's a more directly relevant fact. The major Christian teachers during the middle ages treated the world as spherical. Hell, even the guys who objected to Galileo in later years thought of the world as spherical.
The reasons for this have to with the Aristotelian physics to which the objectors to Galileo were regrettably too committed. To oversimplify their position: earth (dirt, minerals, etc.) and water goes down; air and fire go up. If the former go down from all directions and the latter go up, you cannot but have a spherical planet with airy, firey (and quintessential!) things above it. Indeed, the objection to Galileo is based partly on this Aristotelian understanding of the elements (How can the Earth be moving in a circular fashion if the natural motion of its primary constituent--earth--is simply down?). To be sure, we have a better understanding of physics today than did the scholastic disciples of Aristotle, but I hope you can see that even in their view a flat Earth is incoherent.
TL;DR: Neither the Church nor educated medieval folk in general bought into any flat Earth nonsense. This is merely a popular myth. Modern flat Earthers are even behind Aristotle (d. 322 B.C.) on this one. Now, whether the spherical Earth was thought of as moving or fixed in the center of the universe is another story altogether...
P.s. I only offer this lengthy correction because sometimes I fear we give modern flat Earthers the appearance of having even more credit than they deserve. Conspiratorial minds can dismiss claims of what we can discover with government funded rockets and satellites. "No one believed this round earth stuff until the government forced it on us all and fabricated the evidence!" My response is something along the lines of, "Come on. Medieval people knew the Earth was round. Eratosthenes had a pretty good estimation of its size, given the limited tools he was working with. Come join the third century B.C., will you? Grab a pocket calculator and look down a well."
DMCA has an exemption for law enforcement. Remove that.
More like the government institutions are less safe from the people.
People are less safe. Incompetently planned terrorist attacks are more likely to succeed. Criminals are more likely to go uncaught.
But we are also more secure against massive casual surveillance, and have more of a buffer against a worse government than the one we have now. The problem with most of these things aren't what the government is doing with them, it's (mostly) what the government *could* do with them if the culture of certain three letter agencies got worse.
The government has the right to intercept your communication when you're a subject of investigation for a crime. In that situation the law says that the police or relevant authority CAN listen in to what you're saying because a judge authorised it. When a warrant has been issued by a judge for the interception of a person's communications then any conversation they have using telecommunications devices is up for grabs by the police, etc. This also applies to surveillence and bugging environments/people so that they can be eavesdropped on - when authorized.
The problem is that people want to believe that because they use WhatsApp encrypted chat that somehow that communication is not covered by the warrant issued by a judge.
Of course feel free to add on here that the government should never be able to issue a wiretap order or similar to gain evidence in a case of investigating criminal behaviour because acquiring evidence of crmininal behaviour is not what we want the police to be able to do, right?
Well that was your first mistake
Go die in a fire you piece of shit
Don't you have orange traitors to chase who is too stupid to use encryption?
- Unlimited immigration.
- Letting crime run rampant without any attempt at enforcement or punishment.
- Running grand social experiments on the population.
- Raising tensions with Russia.
- General war-mongering.
- Elites fighting among each other with no regard for actually taking care of the country.
Encryption actually ranks pretty low on the list of things that keep people unsafe.
Yes, itnis actually called literally that. And it says basically exactl what you said.
How quickly people forget.
Yes, cording to that law, they can just grab you, ship you to some conecntration camp, I mean black site (like Guantanamo), and you do not even have the right to ask why, let alone contact anyone (even a lawyer or your family).
Yes, the US de-facto is a full-on totalitarian fascist state. Theivestock, err, people just haven't realized yet. Just like here in Germany back in the days. (People said they did not know what was going on at Auschwitz etc.)
Jesus, how voter (aka retarded) are you??
Just like you cannot choose to hear something. Or more sneakily, could not *actually* choose not to read *this*!
Somebody can and will send you encrypted data to get rid of you. Or do you believe you have no enemies? (Not with being an asshat like that!)
... that it is the money NOT earned and NOT worked for.
Aka the money STOLEN or ROBBED.
And that is the entire basis of your capitalism.
Communism is a stupid delusional idea, ignorant of human behavior, that can never work in practice.
Capitalism is literally crime, and stems from a psychopath mindset where harm to others is not only OK, but MUST be growing exponentially, or it's stagnation/depression and oh noes!
And if you treat this like a dichotomy, then you are passive-thinking programmed livestock already.
"I don't want to characterize private conversations we're having with people in the industry. " Somebody missed Irony 101 at the academy...
Unless you are dumb enough to both be poor AND live in a major metro area (seriously, greyhound can solve that for $50 so you have it coming) the biggest threats when it comes to crime are circumstances and paranoid law enforcement.
Maybe legislation should settle Pi while they're at it. Seems about as productive.
They would be at the forefront of this debate. It is unquestionably true that encryption is an "arm" used for self defense. It is in fact one arm that has no offensive use at all and can be used only to defend yourself from attack.
Panopticons for everyone!!!!!!
POTUS fired the sitting FBI director and appointed this stooge. What did you expect? He did not need to have experience in the field. It was meant to punish the FBI. Again, what did you expect?
from a non technical guy talking about technical issues, his idea is to mandate a non technical solution to a technical problem.
He is pissed because American companies wont do his bidding of unlocking phones whenever he wants. Meanwhile what these companies see is the economy slowing down because people WILL stop using cellphones. First they will be banned from any corporate office as a matter of corporate policy, Now you have people using their phones less and starting to create social groups again, making plans, doing stuff, Shopping less! There goes ad revenues for google and sales for amazon, most of the advertisers will start going out of business, media companies will start having to cut back.. Hell, people will actually have to start having civilized conversations face to face. OOh dont forget the banks and investment firms, who is going to invest money in a company where workers bring compromised devices into the building every day?
I believe in the FBI director and support his short sighted plan to remove encryption! He may be a tool but he could single handedly kill the control that big businesses and the government have over our lives.
His statement that there's room for compromise is correct. The compromise is that law enforcement accepts that default encryption is in place, it's going to keep getting better, and they're not going to get to dictate or legislate anything about it.
The lame "it makes it harder to do our jobs" doesn't fly. The numbers are against them. The total number of people using devices with default encryption vs the number of devices they want to encrypt makes their sample statistically insignificant.
People want secure encryption. Not "secure except for anyone who has the keys to decrypt it under dubious circumstances" encryption. Companies know that and they're going with what their customers want.
There's an entire division of government dedicated to doing things like breaking encryption. Let them earn their paychecks by working on ways to break encryption. If they can't then that's not the consumer's problem.
Demanding less secure encryption is a slippery slope. If they can force it to happen then they've got precedent for other kinds of default access. Key locks? Need a master key for those so we can enter without constraint. Vehicles? Master key. Email? Master key/default access.
You can't give up one kind of security without putting every other one at risk.
Willful destruction of evidence is a crime if you do it because you think you might be prosecuted for it. It will save your secret plans to rule the world, but it won't save you from prison.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Without a proper means to protect my data from government intrusion, we will just go without. I'll cancel all of our email, cell phone, and other services and stick to farming. There's something to be said for living a simple life. We live on 100 acres in the middle of nowhere already, and we already grow about half the food that we need (we don't have livestock so we buy all of our dairy and meat products).
"People are less safe as a result of it,"
It's always amazing to see the ignorance of such prominent figures put on public display like this. You would think that they'd be unwilling to play the part of a fool for so long and without apparent embarrassment or hesitation. They know damn well you can't have a backdoor without the keys falling into the wrong hands eventually. Even so, they seem ignorant of the fact that most of the public wants to hide their everyday communications from the government, and nobody's to blame for that but the government abusing their powers. In the days of old nobody cared if the FBI or police accidentally picked up some of their phone call while legitimately tapping a criminal's phone (for example). But once the government decided to engage in wholesale surveillance people reacted. Too bad, so sad assholes. You can't put the genie back in the bottle.
It won't be like that.
All they need to do is pass the equivalent of CALEA for chat apps.
It isn't the FBI's problem how companies comply with that kind of law, only that they do.
Or the law will say that phone manufacturers must be able to unlock a phone and provide it to the FBI for access to text messages, etc, when given a subpoena from a judge. The FBI won't care about the mechanics, that's the problem for some geeks in Silicon Valley.
And when they don't some executive level goes to jail or pays $millions in fines.
The FBI doesn't care who has the keys, only that they can access encrypted communications using devices provided to American citizens by American companies.
Wants this so the Russians can get into anything.
We actually need strong encryption to protect us from the "good guys".
How in the world did law enforcement manage to do their jobs BEFORE they had massive amounts of metadata to drink from?
And now they say they need the data too because without it we're not safe. So they're saying they were completely unable to execute law enforcement duties BEFORE the ability to massively spy on everyone became possible? How in the world did they EVER manage to catch any criminals?
Horse shit. Completely & utter horse shit.
Nahah.
Nice to see we still all agree on something.
There are may situations where compromise is possible. (Maybe not likely in our current political climate, but technically possible.)
This is not one of them. This is a binary choice. Encryption is secure or it isn't. It works or it doesn't. It keeps the "good guys" out or it lets the "bad guys" in. Because computers are not magic and cannot tell the difference between a good guy and a bad guy.
Those are facts. A phone that is secure except to US government representatives following due process is a fantasy. You can ask for a compromise between facts and fantasy all you want, but you're not going to get one.
... and did the satirical version!
Publishing source code for how to encrypt securely is First Amendment protected free speech - this was settled in the Pretty Good Privacy case in the 1990's. Phillip Zimmerman put the source for PGP in a dead-tree book, to make absolutely sure the First Amendment would be cited.
So, actually we have a constitutional right to see how to communicate securely.
To a Lisp hacker, XML is S-expressions in drag.
The three-letter agencies had a brief taste of information supremacy after the idiotic Patriot Act was passed in a rush. Them America found out that these agencies were illegally spying on us, and blatantly lying about it. Now they want to go back to the awesome days when they knew everything and nothing was encrypted. F that
How about this for a compromise: I give up my right to keep my conversations to myself, while everyone in Congress, along with all upper administrative personnel in the government are forced to wear body cameras.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
We already have relevant laws:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Fourth Amendment prohibits legislation that forbids people from keeping their "papers and effects" encrypted when no warrant has been issued. When a warrant has been issued:
nor shall any person [...] be compelled in any criminal case to be a witness against himself
The Fifth Amendment forbids compelling anyone to provide self-incriminating testimony, why should compelling anyone to provide self-incriminating evidence be any different?
Mandating key escrow might be constitutional. Then they could convict for the crime of having an un-escrowed encrypted device even if they couldn't prove terrorism or pedo charges. Remember, Al Capone was convicted of tax evasion, not murder or racketeering.
Why does Wray think that he can get whatever legislation he wants? Yes, there is a history of legislators siding with law enforcement, but it is definitely not a lock.
So the FBI is a legislating body now?
I thought that was the supreme court. /sarc
data when they pry my Palm device from my cold dead hand!
Life is in a state of dynamic equilibrium, it both blows and sucks
Everything the government needed to stop 9/11 was in a government database prior to the attacks. But nobody saw the evidence because the American intelligence agencies are burried under so much data they can't process it.
Public Key Encryption can not be adjusted for a back door. So Wray is asking that it not be used. And if that is then done...Hackers rejoice!!! Our leaders are idiots who did not study any advanced technical courses. Wray must study a Number Theory book before opening is blabbering mouth.
Good thing the opaque envelope was invented before the FBI was created, or they'd be furiously working to get it banned, too.
Can't have criminals and terrorists and -- Think of the children! -- child pornographers and such communicating undetected.
There's no time like the present. Well, the past used to be.
Your honor, my client chose to generate random bytes and put them in 1 bunch of 1G files, neither of which is not a crime.
Those files do not now contain and never did contain anything to decrypt.
You are correct that I haven't written the legislation. But the broad strokes of the case to support exempting uncommon spoken language from regulation of encryption is similar to the case for 40-bit "export-grade" encryption back in the 1990s.
Just because you have your data pre-sorted doesn't make it any more correct.
> nobody cares
wow, you actually think the modern privacy rape is being carried out by _humans_? maybe sitting in a dark camera-array room hidden away somewhere? an army of them, of course, toiling away in the millions - if only there was a better way~
> key escrow can prevent
the only question here is if you're getting your 50 cents or just spreading misinformation for free
I never said a 3DES approach was great only that if someone wanted to roll their own for increased security taking that approach with an existing cipher would be the best option. I did address the key schedule issue when just increasing the rounds as I did state that they would have to generate additional round keys. Cascading ciphers is already used by some tools, see old TrueCrypt or VeraCrypt, but there you are still dependent on a single password.
I didn't make any statements on the feasibility of actually breaking AES. I believe that currently the estimate to break AES128 on an ideal classical computer using the best methods available puts the energy requirements at about 10% of the total annual US energy consumption. If one assumes that there exists an ideal quantum computer that can handle it then AES256 would have the same energy requirement, if not then AES256 has the energy requirement on the order of the mass energy of our sun on an ideal classical computer. This type of discussion is always a fun one because one can always bring up Bruce Schneier's "orgy of computation" statement which is probably one of my favorite ones of all time.
Time to offend someone
They've already got an essentially unlimited access to all moving data...Why would anyone grant them more power and diminish the rights of the citizen more?